[ovirt-users] Re: CVE-2018-3639 - Important - oVirt - Speculative Store Bypass
On 5/23/2018 7:57 AM, Sandro Bonazzola wrote:
Please note that to fully mitigate this vulnerability, system
administrators must apply both hardware “microcode” updates and
software patches that enable new functionality.
At this time, microprocessor microcode will be delivered by the
individual manufacturers.
Intel has been promising microcode updates since January when Spectre
first appeared and yet except for the very newest CPUs we haven't seen
anything and in the cases of older CPUs, I wonder if we are ever going
to see anything even if Intel has is on their "roadmap"
Can someone shed some light on the vulnerability at this time given we
have no microcode update, but all Kernel/Os updates applied, which
supposedly handle the original Meltdown and some Spectre Variants.
1) Does the unpatched microcode exploit require "root" permissions?
2) Do the existing libvirt/qemu patches prevent a user "root" or
"otherwise" in a VM from snooping on other VMs and/or the host?
Sincerely,
-wk